b'Department of Homeland Security\n   Of\xef\xac\x81ce of Inspector General\n\n       Evaluation of DHS\xe2\x80\x99 Security Program \n\n     and Practices for Intelligence Systems for \n\n                 Fiscal Year 2011 \n\n\n              (Unclassified Summary) \n\n\n\n\n\nOIG-11-98                                    July 2011\n\x0c                                                              Office of Inspector General\n\n                                                              U.S. Department of Homeland Security\n                                                              Washington, DC 20528\n\n\n\n\n                           Office of Inspector General \n\n  Evaluation of DHS\xe2\x80\x99 Security Program and Practices for Intelligence Systems for \n\n                                Fiscal Year 2011 \n\n                                    OIG-11-98 \n\n\n\nWe reviewed the Department of Homeland Security\xe2\x80\x99s (DHS) enterprise-wide security\nprogram and practices for Top Secret/Sensitive Compartmented Information intelligence\nsystems. Pursuant to the Federal Information Security Management Act of 2002, we\nreviewed the department\xe2\x80\x99s security management, implementation, and evaluation of its\nintelligence activities, including its policies, procedures, and system security controls for\nenterprise-wide intelligence systems. In doing so, we assessed the department\xe2\x80\x99s\nassessment and authorization, incident response and reporting, information security\ntraining, plan of action and milestones, continuous monitoring, and contingency planning\nprograms.\n\nThe department continued to improve its enterprise-wide information security\nmanagement program for intelligence systems. DHS has developed information security\npolicies and procedures and implemented effective security controls on intelligence\nsystems. While system controls have been strengthened, more oversight is needed to\nensure the security program\xe2\x80\x99s policies are implemented. We have concerns with the\noversight of component plans of actions and milestones, verification of the intelligence\nsystems inventory, establishment of a department-wide continuous monitoring program,\nand development of an information security training program for intelligence personnel.\nFieldwork was conducted from April through July 2011. (OIG-11-98, July 2011, IT)\n\x0cADDITIONAL INFORMATION AND COPIES\n\nTo obtain additional copies of this report, please call the Office of Inspector General (OIG) at (202) 254-4100,\nfax your request to (202) 254-4305, or visit the OIG web site at www.dhs.gov/oig.\n\n\nOIG HOTLINE\n\nTo report alleged fraud, waste, abuse or mismanagement, or any other kind of criminal or noncriminal\nmisconduct relative to department programs or operations:\n\n\xe2\x80\xa2 Call our Hotline at 1-800-323-8603;\n\n\xe2\x80\xa2 Fax the complaint directly to us at (202) 254-4292;\n\n\xe2\x80\xa2 Email us at DHSOIGHOTLINE@dhs.gov; or\n\n\xe2\x80\xa2 Write to us at:\n       DHS Office of Inspector General/MAIL STOP 2600,\n       Attention: Office of Investigations - Hotline,\n       245 Murray Drive, SW, Building 410,\n       Washington, DC 20528.\n\n\nThe OIG seeks to protect the identity of each writer and caller.\n\x0c'